Regenerate AI Code Guardrails shadow dossier
This commit is contained in:
parent
0ca8f05f74
commit
de61e1afed
1 changed files with 53 additions and 46 deletions
@ -60,15 +60,16 @@ If anything goes sideways, we can always point to the PR thread and note that it
|
|||
|
||||
```mermaid
|
||||
flowchart TD
|
||||
A[Code change] --> B[Pull request opened]
|
||||
B --> C[Automated scan: PR checks]
|
||||
A["Code change"] --> B["Pull request opened"]
|
||||
B --> C["Automated scan: PR checks"]
|
||||
C --> D{Findings?}
|
||||
D -->|None| E[Merge]
|
||||
D -->|Some| F[Ticket created]
|
||||
F --> G[Exception request]
|
||||
G --> H[Alignment session]
|
||||
H --> I[Risk accepted: documented]
|
||||
D -->|None| E["Merge"]
|
||||
D -->|Some| F["Ticket created"]
|
||||
F --> G["Exception request"]
|
||||
G --> H["Alignment session"]
|
||||
H --> I["Risk accepted: documented"]
|
||||
I --> E
|
||||
|
||||
```
|
||||
|
||||
## SHIFTING LEFT: AVOIDING AI- GENERATED CODE INEFFICIENCIES
|
||||
|
|
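Review bot: the relabel covers every rectangular node but skips the decision node `C --> D{Findings?}`, so this block now mixes `["..."]` and `{...}` label styles; quote it as `D{"Findings?"}` for consistency. The commit message also only says "Regenerate" and does not record which renderer problem motivated quoting the labels; a sentence on that would let reviewers judge whether the remaining unquoted nodes need the same treatment.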
@ -86,14 +87,15 @@ We recommend a pilot cohort, a slide deck, and an FAQ, so the shift remains cult
|
|||
|
||||
```mermaid
|
||||
flowchart TD
|
||||
A[Developer writes code] --> B[IDE scan: local]
|
||||
A["Developer writes code"] --> B["IDE scan: local"]
|
||||
B --> C{Issue found?}
|
||||
C -->|Yes| D[Fix now]
|
||||
C -->|No| E[Commit]
|
||||
E --> F[PR checks]
|
||||
A --> G[Agent workflow]
|
||||
G --> H[Local MCP scan]
|
||||
C -->|Yes| D["Fix now"]
|
||||
C -->|No| E["Commit"]
|
||||
E --> F["PR checks"]
|
||||
A --> G["Agent workflow"]
|
||||
G --> H["Local MCP scan"]
|
||||
H --> E
|
||||
|
||||
```
|
||||
|
||||
## 01 — REQUEST EVIDENCE OF LOCAL SECURITY TESTING
|
||||
|
|
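Review bot: the hunk header grows this block from 14 to 15 lines while the number of diagram statements is unchanged, and the extra line appears to be the empty line that now sits before the closing ``` fence; if the generator emits a trailing blank line inside every fence, trim it at the generator rather than in each regenerated file. As in the first block, `B --> C{Issue found?}` stays unquoted while every other node label is quoted.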
@ -111,16 +113,17 @@ Once the screenshot is uploaded, it can be stored in a folder with a robust heri
|
|||
|
||||
```mermaid
|
||||
flowchart TD
|
||||
A[Developer requests access] --> B[Upload screenshot]
|
||||
B --> C[Attestation captured]
|
||||
C --> D[Access enabled]
|
||||
D --> E[Local testing: claimed]
|
||||
E --> F[Periodic audit]
|
||||
A["Developer requests access"] --> B["Upload screenshot"]
|
||||
B --> C["Attestation captured"]
|
||||
C --> D["Access enabled"]
|
||||
D --> E["Local testing: claimed"]
|
||||
E --> F["Periodic audit"]
|
||||
F --> G{Still compliant?}
|
||||
G -->|Yes| D
|
||||
G -->|No| H[Access paused pending review]
|
||||
H --> I[Alignment session]
|
||||
G -->|No| H["Access paused pending review"]
|
||||
H --> I["Alignment session"]
|
||||
I --> D
|
||||
|
||||
```
|
||||
|
||||
### Code Assistant Access Request Form
|
||||
|
|
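Review bot: `F --> G{Still compliant?}` keeps the unquoted `{...}` form while the surrounding nodes were switched to `["..."]`; quote it as `G{"Still compliant?"}` so the next regeneration does not produce another mixed-style block. The `|Yes|` and `|No|` edge labels are untouched, which is fine, since they use the standard edge-text syntax and contain nothing the renderer would trip on.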
@ -144,13 +147,14 @@ If the dashboard ever shows a red triangle, we can immediately form the Committe
|
|||
|
||||
```mermaid
|
||||
flowchart TD
|
||||
A[Collect usage signals] --> B[Correlate assistants vs scans]
|
||||
B --> C[Identify gaps]
|
||||
C --> D[Notify developers]
|
||||
D --> E[Remediation window]
|
||||
E --> F[Dashboard update]
|
||||
F --> G[Quarterly KPI trend review]
|
||||
G --> H[Action items: optional]
|
||||
A["Collect usage signals"] --> B["Correlate assistants vs scans"]
|
||||
B --> C["Identify gaps"]
|
||||
C --> D["Notify developers"]
|
||||
D --> E["Remediation window"]
|
||||
E --> F["Dashboard update"]
|
||||
F --> G["Quarterly KPI trend review"]
|
||||
G --> H["Action items: optional"]
|
||||
|
||||
```
|
||||
|
||||
## 03 — INTEGRATE SECURITY AWARENESS INTO DEVELOPER TRAINING
|
||||
|
|
@ -168,15 +172,16 @@ The goal is not mastery; the goal is a completion certificate that can be forwar
|
|||
|
||||
```mermaid
|
||||
flowchart TD
|
||||
A[Onboarding] --> B[Training module]
|
||||
B --> C[Quiz]
|
||||
A["Onboarding"] --> B["Training module"]
|
||||
B --> C["Quiz"]
|
||||
C --> D{Pass?}
|
||||
D -->|Yes| E[Certificate issued]
|
||||
D -->|No| F[Retake scheduled]
|
||||
E --> G[Access request approved]
|
||||
G --> H[Usage begins]
|
||||
H --> I[Refresher cadence]
|
||||
D -->|Yes| E["Certificate issued"]
|
||||
D -->|No| F["Retake scheduled"]
|
||||
E --> G["Access request approved"]
|
||||
G --> H["Usage begins"]
|
||||
H --> I["Refresher cadence"]
|
||||
I --> B
|
||||
|
||||
```
|
||||
|
||||
### Quiz
|
||||
|
|
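Review bot: `D -->|No| F["Retake scheduled"]` is a dead end; `F` has no outgoing edge, so a failed quiz never returns to `C["Quiz"]`, while the pass branch loops all the way back through `I --> B`. If the flow is meant to allow retakes, add `F --> C` (or `F --> B`). Separately, `C --> D{Pass?}` is left unquoted like the other decision nodes in this commit.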
@ -201,13 +206,14 @@ This is the "not my job" routing protocol, except the router is policy and the d
|
|||
|
||||
```mermaid
|
||||
flowchart TD
|
||||
A[Policy defined] --> B[Endpoint management]
|
||||
A["Policy defined"] --> B["Endpoint management"]
|
||||
B --> C{Prerequisites met?}
|
||||
C -->|Yes| D[Assistant enabled]
|
||||
C -->|No| E[Blocked by policy]
|
||||
E --> F[Exception request]
|
||||
F --> G[Owner approval]
|
||||
C -->|Yes| D["Assistant enabled"]
|
||||
C -->|No| E["Blocked by policy"]
|
||||
E --> F["Exception request"]
|
||||
F --> G["Owner approval"]
|
||||
G --> D
|
||||
|
||||
```
|
||||
|
||||
```json
|
||||
|
|
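Review bot: `F --> G["Owner approval"]` flows unconditionally into `G --> D`, so the exception path has no rejection branch; an owner can only approve, never deny, which makes the `E["Blocked by policy"]` state temporary by construction. If a denial outcome exists, model it (for example `G -->|Denied| E`). `B --> C{Prerequisites met?}` also remains unquoted.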
@ -242,14 +248,15 @@ Secure innovation is not just possible; it is operational, provided we align on
|
|||
|
||||
```mermaid
|
||||
flowchart TD
|
||||
A[Desire: secure innovation] --> B[Guardrails planned]
|
||||
B --> C[Pilot cohort]
|
||||
C --> D[Deck + FAQ]
|
||||
D --> E[Stakeholder alignment]
|
||||
E --> F[Incremental rollout]
|
||||
F --> G[Measure adoption]
|
||||
G --> H[Reframe as iteration]
|
||||
A["Desire: secure innovation"] --> B["Guardrails planned"]
|
||||
B --> C["Pilot cohort"]
|
||||
C --> D["Deck + FAQ"]
|
||||
D --> E["Stakeholder alignment"]
|
||||
E --> F["Incremental rollout"]
|
||||
F --> G["Measure adoption"]
|
||||
G --> H["Reframe as iteration"]
|
||||
H --> E
|
||||
|
||||
```
|
||||
|
||||
---
|
||||
|
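Review bot: this block and the usage-signals block are the only two where no `{...}` decision node remains, because neither has one; the unquoted decision nodes in the other five blocks all come from the same shape, so if the diagrams share a generator template that is a single fix at the template rather than five edits on the next regeneration.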